CNAMEs pointing to outside domains

Mark_Andrews at isc.org
Tue Jun 18 01:37:10 UTC 2002


> I am running Bind 9.2.1 and attempting to limit the hosts that can query my
> DNS server with the allow-query and allow-recursion options in named.conf.
> When I restrict these options to a list of trusted networks, from a host
> outside the list of trusted networks I am unable to look up CNAMEs that refer
> to hosts that are part of domains not local to my DNS server.
> 
> For example, for the record:
> 
> www.localdomain.com    IN    CNAME    www.outsidedomain.com.
> 
> Lookups on www.localdomain.com fail with a 'Query denied' error when queried
> via nslookup from a host outside of the list of trusted networks for my DNS
> server.
> 
> When I set allow-query to 'any' and restrict recursion to a list of trusted
> networks with the allow-recursion option a nslookup of www.localdomain.com
> from a host outside the list of trusted networks returns the list of root
> DNS servers.
> 
> Is it possible to configure Bind 9.2.1 to allow queries for CNAMEs that refer to
> non-local domains and still restrict queries and recursive queries for other
> domains and records?
> 
> --Vincent

	I suggest that you test with a non-recursive query which is what
	nameservers performing iterative resolution do.

	Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
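
The test suggested in the reply, as an added example that is not part of the original thread: it builds the same question with the RD (recursion desired) bit set, as nslookup does, or cleared, as an iterating nameserver does, and classifies the reply from its header. The function names and the sample headers are constructed for illustration; the server address passed to ask() is whatever you supply.

```python
import socket
import struct

RD = 0x0100   # Recursion Desired: set by stub resolvers such as nslookup
AA = 0x0400   # Authoritative Answer
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def encode_name(name):
    """Encode a hostname as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, recurse, qid=0x1234, qtype=1):
    """Build an A query; recurse=False clears RD, as an iterative resolver does."""
    flags = RD if recurse else 0
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN

def classify(response):
    """Summarise a reply from its 12-byte header alone."""
    _qid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", response[:12])
    rcode = RCODES.get(flags & 0x000F, "OTHER")
    if rcode != "NOERROR":
        return rcode
    if an > 0:
        return "ANSWER(aa)" if flags & AA else "ANSWER"
    if ns > 0 and not flags & AA:
        return "REFERRAL"   # no answer, only NS records pointing elsewhere
    return "NODATA"

def ask(server, name, recurse):
    """Send one UDP query to `server` and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(3.0)
        s.sendto(build_query(name, recurse), (server, 53))
        return classify(s.recv(4096))

# Constructed 12-byte reply headers (not captured traffic), for offline checks.
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0)
SAMPLE_REFERRAL = struct.pack("!HHHHHH", 0x1234, 0x8100, 1, 0, 13, 0)
SAMPLE_CNAME = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
```

Comparing ask(server, name, True) with ask(server, name, False) from an untrusted host shows whether the server treats the two kinds of query differently.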

